ICYMI: Anonymous targets ISIS, 'advanced' attacks & TV takeover

This week's In Case You Missed It column looks the top stories on SC from the past week, including an online battle between Anonymous and ISIS, a takeover of a French TV network and demystifying claims of 'advanced' cyber-attacks.

Vigilante hactivists at Anonymous are preparing to launch DDoS attacks against hundreds of ISIS websites, the majority of which are hosted in the US or UK. CloudFlare, the content delivery network for around half of these sites, has defended its lack of censorship.

Anonymous division, GhostSec, has recently been monitoring ISIS' online and social communications as part of the Op Isis (#OpISIS) campaign with one team member telling SCMagazineUK.com that it planned to attack hundreds of ISIS websites in early April.

He/she said that the group has tired of CloudFlare's ‘blatant protection' of terrorist sites, publishing a list revealing how the CDN and DNS provider was being used by numerous ISIS websites.

“It will be a huge campaign where we will take down the ISIS sites they [are] protecting,” said the member. “All of GhostSec is dedicated to this, [its] gonna be huge. “Take a look at the content, [it's] vile. If Facebook and Twitter can remove ISIS content when reported why should CloudFlare not?”

CloudFlare CEO Matthew Prince responded by saying that requests to terminate were “strange” given the firm believes in the due process of going down proper law enforcement channels rather than listening to the ‘mob rule'. He added: “We've never been asked to terminate any sites by law enforcement.”

Security researchers have unearthed a Google Chrome extension that has potentially leaked the personal information of more than a million users back to a single IP address in the US.

Called Webpage Screenshot, the extension allows users to take a screen capture and store it. The extension has been downloaded 1.2 million times but hides the ability to copy data from a user.

Martin Zetterlund, founding partner at IT security firm ScrapeSentry, said that the firm had “identified an unusual pattern of traffic to one of our client's sites which alerted our investigators that something was very wrong.”

The information security industry constantly warns of the latest 'advanced' or 'in-the-wild' malware but new analysis from Verizon suggests that infosec pros face the same or similar threats year in, year out.

Releasing its 70-page 2015 Data Breach Investigations Report earlier this week, Verizon revealed a number of headline findings, from the rise of phishing and exploitable software vulnerabilities to data breaches costing up to £162 per lost record.

Meanwhile, the firm indicated that cyber-crime activity remains – as it was in 2014 – split into the same old categories. Over the last ten years, 92 percent of all 100,000 security incidents fell into nine basic patterns, with that increasing to 96 percent this year.

Hackers claiming to be closely associated with ISIS took French TV station TV5Monde offline for hours and defaced its social media sites earlier today.

Hackers claiming to be part of the 'Cyber Caliphate', which has previously hacked Newsweek and taken over the social media accounts of the US CENTCOM, reportedly compromised the TV network, took charge of its Facebook accounts and even uploaded photos which it claimed were of personal IDs and CVs of the relatives of French soldiers participating in the campaign against ISIS.

After around three hours of no service, broadcast resumed on early Thursday morning (although initially the network was only airing pre-recorded material), with social media networks back in control by around 2am GMT.

Adrian Culley, an independent security consultant and former Met Police Computer Crime Unit detective, told SCMagazineUK.com: “This, to my knowledge, is the first time there's been mention of a cyber-terrorist attack…This is a game-changer, it's unprecedented.”

Last week's news round-up clearly caught the attention, summarising the Chrome plug-in flaw, new claims against an ‘unethical' Facebook and the continuing fight between law enforcement and technology companies over encryption.

SC Media UK arms cyber-security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.